lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160827093135.GA28378@1wt.eu>
Date:   Sat, 27 Aug 2016 11:31:35 +0200
From:   Willy Tarreau <w@....eu>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jiri Slaby <jslaby@...e.cz>
Cc:     Jari Ruusu <jariruusu@...rs.sourceforge.net>,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Al Viro <viro@...iv.linux.org.uk>,
        Ben Hutchings <ben@...adent.org.uk>
Subject: Re: [PATCH 3.10 099/180] fix d_walk()/non-delayed __d_free() race

Greg, Jiri,

I checked Jari's explanation below and found that v3.14.77 and v3.12.62
are missing the same fix as 3.10. In fact Al's original commit 3d56c25
("fix d_walk()/non-delayed __d_free() race") used to mention to check 
this __d_materialise_dentry() function in the Cc: stable line, but this
got lost during the backports.

Normally all of our 3 kernels need to apply the following patch that
Ben correctly put in 3.16 and 3.2. I'm fixing the backport in 3.10.103
right now.

Cheers,
Willy

diff --git a/fs/dcache.c b/fs/dcache.c
index 2a808fb..2d0b9d2 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -2401,6 +2401,7 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon)
 	switch_names(dentry, anon);
 	swap(dentry->d_name.hash, anon->d_name.hash);
 
+	dentry->d_flags |= DCACHE_RCUACCESS;
 	dentry->d_parent = dentry;
 	list_del_init(&dentry->d_child);
 	anon->d_parent = dparent;


On Mon, Aug 22, 2016 at 04:56:57PM +0300, Jari Ruusu wrote:
> This patch for 3.10 branch appears to be missing one important
> 
> +       dentry->d_flags |= DCACHE_RCUACCESS;
> 
> in fs/dcache.c __d_materialise_dentry() function. When Ben Hutchings
> backported Al Viro's original fix to stable branches that he maintains,
> he added that one additional line to both 3.2 and 3.16 branches. Please
> consider including that additional one line fix for 3.10 stable branch
> also.
> 
> 
> Ben Hutchings said this on his 3.2.82-rc1 patch:
> [bwh: Backported to 3.2:
>  - Adjust context
>  - Also set the flag in __d_materialise_dentry())]
> 
> http://marc.info/?l=linux-kernel&m=147117565612275&w=2
> 
> 
> Ben Hutchings said this on his 3.16.37-rc1 patch:
> [bwh: Backported to 3.16:
>  - Adjust context
>  - Also set the flag in __d_materialise_dentry())]
> 
> http://marc.info/?l=linux-kernel&m=147117433412006&w=2
> 
> 
> Also mentioned by Sasha Levin on 3.18 and 4.1 commits:
> Cc: stable@...r.kernel.org # v3.2+ (and watch out for __d_materialise_dentry())
> 
> http://marc.info/?l=linux-stable-commits&m=146648034410827&w=2
> http://marc.info/?l=linux-stable-commits&m=146647471009771&w=2
> 
> -- 
> Jari Ruusu  4096R/8132F189 12D6 4C3A DCDA 0AA4 27BD  ACDF F073 3C80 8132 F189

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ